Ars technica reports
on the “Cable Haunt” vulnerability that afflicts a large number of
Websockets, however, aren’t protected by CORS, as the mechanism is usually
allowing attackers to reach the endpoint and serve it code.” Thus
far, there doesn’t seem to be any information out there on whether routers
running OpenWrt are vulnerable.